Americas, Security Program Controls/Technologies

U.S. Government Pushes Security-Centric Hardware Designs


The Defense Advanced Research Projects Agency (DARPA) recently launched a program to develop a framework for implementing cybersecurity into chips' microarchitecture.

DARPA's System Security Integrated Through Hardware and Firmware (SSITH) program promotes cyber-protection at the hardware and circuit level rather than software-based security patches.

It encourages system-on-chip (SoC) designers to develop hardware design tools that provide security against hardware vulnerabilities that are exploited through software in U.S. Department of Defense (DoD) and commercial electronic systems.

A Closer Look at the SSITH Program

The SSITH program emphasizes two technical areas:

  1. Development and demonstration of hardware architecture that protects against hardware vulnerabilities, along with design tools the electronics community would need for including hardware-based security innovations in their design and manufacturing practices.
  2. Use of methodologies and metrics for measuring the security status of new electronic systems and any trade-offs in terms of system performance, power needs and efficiency, circuit area and other standard circuit features.

In addition, the SSITH program is designed to address seven hardware vulnerability classes:

  • Buffer errors.
  • Code injection.
  • Crypto errors.
  • Information leakage.
  • Numeric errors.
  • Permissions and privileges.
  • Resource management.

Researchers have documented at least 2,800 software breaches that have taken advantage of one or more of these hardware vulnerabilities, SSITH Program Manager Linton Salmon said in a prepared statement.

As such, eliminating these hardware weaknesses would remove more than 40 percent of the software doors available to cybercriminals, according to Salmon.

The Problem with Software Patches

A software patch to a hardware-based security flaw usually helps an end user manage a symptom associated with an underlying hardware vulnerability, DARPA stated.

However, a software patch does not address the hardware vulnerability itself, which makes an end user susceptible to follow-on, software-based breaches.

The SSITH program helps end users eliminate the "patch and pray" approach of software patches, Salmon noted.

It complements DARPA software security efforts like High-Assurance Cyber Military Systems (HACMS) and the Cyber Grand Challenge (CGC), Salmon said, and may lead to new technologies to develop ICs that are immune to cyberattacks.

"The SSITH program challenges researchers to design security directly at the hardware architecture level," Salmon noted in a prepared statement. "Instead of relying on software Band-Aids to hardware-based security issues, we are aiming to remove those hardware vulnerabilities in ways that will disarm a large proportion of today's software attacks."

DARPA has invested $50 million in the SSITH program and expects to complete the program within three years.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.